by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: Accessibly – WordPress Website Accessibility (slug: otm-accessibly) is affected by a High-severity issue that enables unauthenticated Stored Cross-Site Scripting (XSS) in versions <= 3.0.3 (CVE: CVE-2026-3643, CVSS 7.2). An external attacker can...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: The Petje.af WordPress plugin (slug: petje-af) is affected by a Medium-severity Cross-Site Request Forgery (CSRF) vulnerability (CVE-2026-4002, CVSS 4.3: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) in versions up to and including 2.1.8. Because CSRF...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: CVE-2026-4005 is a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability (CVSS 6.4) affecting the Coachific Shortcode WordPress plugin (slug: coachific-shortcode) in all versions up to and including 1.0. The attack requires an authenticated...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: WM JqMath (slug: wm-jqmath) versions 1.3 and below are affected by a Medium-severity Stored Cross-Site Scripting (XSS) vulnerability tracked as CVE-2026-3998 (CVSS 6.4, vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N). The attack requires an...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: CVE-2026-3659 is a Medium-severity (CVSS 6.4, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N) Stored Cross-Site Scripting (XSS) vulnerability affecting the WP Circliful WordPress plugin (slug: wp-circliful) in versions up to and including 1.2. The attack...
by Ivan Sorkin | Apr 14, 2026 | Plugins
Attack Vectors: Medium-severity vulnerability (CVSS 5.3) in Katalogportal-pdf-sync Widget (slug: katalogportal-pdf-sync) affects all versions up to and including 1.0.0. An attacker does not need to trick a user into clicking anything; they only need any authenticated...